Technology

Ace Hardware may be your go-to for tools and home projects, but it's also a great place to find holiday gifts for loved ones from high-quality brands.

Explore our top picks of the best headphones on the market -- all approved by CNET's mobile audio editor.

Need a new car phone holder? If you have an iPhone, be sure to check out the iOttie phone holder, on sale right now for Black Friday.

• Researchers from Aqua Security discover new Matrix botnet
• The botnet runs IP cameras, DVRs, routers, and similar
• Matrix was built using off-the-shelf and open source tools

Cybersecurity researchers have spotted a new malicious botnet running distributed denial of service (DDoS) attacks against victims worldwide.

Named “Matrix” by experts at Aqua Security, the botnet was created by a lone hacker gathering up different open source and otherwise free-to-use tools to create it from scratch.

The creator scanned the internet for vulnerable Internet of Things (IoT) devices such as IP cameras, DVRs, routers, and telecom equipment - they could either have a known software flaw, or could simply have an easy-to-break password.

Script kiddie

After identifying the vulnerable endpoints, the hacker would deploy Mirai - an infamous, almost decade-old malware that was behind some of the most disruptive DDoS attacks in history. Besides Mirai, the attacker would also deploy PYbot, pynet, DiscordGo, Homo Network, and other malicious tools.

Ultimately, this led to the creation of Matrix, a widespread botnet that was later offered for other crooks as a service. The sale was being facilitated via a Telegram channel called “Kraken Autobuy”, with the attacker being paid in cryptocurrency.

Its victims are scattered all over the world - from China and Japan, to Argentina, Australia, and Brazil. Egypt, India, and the US also found themselves on the list.

However, while the threat actor seems to be of Russian origin, there is a notable absence of Ukrainian targets, as the researchers believe this is because the Matrix’s “Architect” is after money, and not political or ideological agendas.

Aqua has also made an interesting observation, calling the attacker a “script kiddie”. This is a derogatory term in the cybersecurity community, usually describing an inexperienced, or unskilled hacker. The researchers did it because the attacker used off-the-shelf solutions, rather than building custom solutions on their own.

However, they also hinted that script kiddies could become a much bigger threat in the future:

"This campaign, while not highly sophisticated, demonstrates how accessible tools and basic technical knowledge can enable individuals to execute a broad, multi-faceted attack on numerous vulnerabilities and misconfigurations in network-connected devices," they said.

"The simplicity of these methods highlights the importance of addressing fundamental security practices, such as changing default credentials, securing administrative protocols, and applying timely firmware updates, to protect against broad, opportunistic attacks like this one."

You might also like

• Zyxel VPN security flaw targeted by new ransomware attackers
• Here's a list of the best firewalls today
• These are the best endpoint protection tools right now

If you're having trouble figuring out where you should put your AirTags, consider one of these locations.

• New phishing scam looks like an official email from Apple
• Links to fake Apple login screen that will steal your credentials
• Double-check that the email comes from an Apple.com address

Scammers are always trying new tactics to steal your personal information. The latest phishing scam is no exception: cybercriminals are sending out emails which appear to be from Apple, claiming that your Apple ID is suspended, requiring urgent action.

The email, which appears convincing, demands that you take action to recover your suspended Apple ID (which has been rebranded your 'Apple Account' from iOS 18). Clicking the link in the email will take you to a fake Apple login screen. If you enter your details here, hackers will steal your credentials and potentially be able to gain access to your Apple account.

Depending on how securely your Apple account is set up, your username and password could allow these cybercriminals to make fraudulent purchases with your saved payment methods. They could also give them access to personal data, such as files and photos saved in your iCloud account.

The scam relies on all of the techniques used in classic phishing scams. The email is designed to look exactly like an official email from Apple, with logos, colors and fonts that make it highly believable. This consistency is intended to gain your trust.

The account alert also causes an emotional response. You might experience fear or panic at the thought that your Apple ID has been suspended. This is the hook that could cause you to act. The scam combines this with a sense of urgency, requiring you to act quickly to recover your account. The idea behind this is to make you act hastily, overlooking any inconsistencies in the email.

Don’t take the bait

An official email from Apple will end with '@email.apple.com' like the one above. (Image credit: Apple)

With more than two billion active Apple devices worldwide, it’s no surprise that scammers are targeting users of these products. Whether you own an iPhone, an iPad, a MacBook or something else, an Apple ID is your key to the Apple ecosystem. If this is compromised, cybercriminals can potentially access a trove of your data.

This isn’t the first Apple ID scam we’ve seen: earlier this year we reported on an SMS attack which attempted to steal user details. With phishing attacks becoming increasingly common, complex and harder to detect, particularly with the use of artificial intelligence, we don’t expect Apple ID (or Apple Account) scams to go away any time soon.

TL;DR How to stay safe

(Image credit: Konstantin Savusia via Shutterstock)

1. Check the email's address (Apple emails will end in '@email.apple.com').
2. Watch out for inconsistencies in the email (like grammatical errors).
3. Remember that Apple will never ask you to log in to a website.
4. Turn on two-factor authentication for extra security.

There are a few things you can do to keep yourself and your Apple ID secure. First, whenever you receive an email about your Apple ID, check the address that the email has been sent from. If it’s a genuine email from Apple, the account will end in @email.apple.com. If it doesn’t, it’s almost certainly fraudulent.

Secondly, you should also check the email thoroughly for inconsistencies. Look for spelling mistakes, grammatical errors and formatting issues, all of which are tell-tale signs of a fraudulent email.

As a general rule, you should view account alert emails with a healthy dose of suspicion. Apple has published an article about how to stay safe from scams, in which it offers the following advice: “If you're suspicious about an unexpected message, call, or request for personal information, such as your email address, phone number, password, security code, or money, it's safer to presume that it's a scam — contact that company directly if you need to.”

Apple also makes clear that it will never ask you to log in to a website, provide your passcode or bypass two-factor authentication. If an email is asking you to do any of these things, you know that it’s a scam.

If you believe that an email you’ve received about your Apple ID isn’t authentic, don’t click any links contained in it. Instead, you can forward this email to reportphishing@apple.com, then mark the message as spam.

If you believe your Apple ID has been compromised, you should change your password by heading directly to the Apple website. It’s also best-practice to turn on two-factor authentication, which will make it much harder for hackers to access your Apple account, even if they have your username and password.

You might also like...

• Everything you need to know about phishing
• How to add extra security to your Apple ID
• How to switch Apple ID

Anthropic is rolling out new ways for you to change how your Claude AI chatbot communicates with a new range of pre-set and custom writing styles. Instead of explaining in every prompt how you want the AI to respond, you'll be able to tailor its conversation to your needs. That means Claude will be as formal or casual, verbose or concise as you wish. It’s a major step to making talking to an AI feel more natural and more like talking to a person, in this case, a person who speaks in a way you prefer.

There are three preset options you can pick from right away. The names are pretty much on the nose. Formal style is for professional, precise responses; Concise is for shorter and direct answers; and Explanatory style is more about explaining and teaching, with extra context and details.

However, the new custom style option is the real eye-catcher. You can create your own personal communication styles for Claude to mimic by uploading samples in the tone and style you want, along with your own words describing the way you want Claude to write. Over time, you can fine-tune and improve the descriptions to make the AI chatbot a perfect mimic. You can see how it works below.

(Image credit: Anthropic) AI at home

"Whether you're a developer writing technical documentation, a marketer crafting specific brand guidelines, or a product team planning extensive project requirements, Claude can adapt to your preferred way of writing," Anthropic explained in a blog post. "With styles, Claude adapts to your unique context and communication choices, helping you achieve more while working in a way that feels natural to you."

For those keen on consistent style, like in business or professional communications, the new feature has obvious appeal. Anthropic pointed to customers like GitHub, which is using the style options to improve internal operations and create marketing copy. It's worth raising questions about how customizable AI might reshape communication in professional and creative spaces. Could this blur the line between human-authored and AI-generated content? And in scenarios where tone and voice are crucial—like legal documents or sensitive communications—how much responsibility should fall on the AI versus the user to ensure accuracy and appropriateness?

Anthropic's approach is somewhat unique, but customizing AI responses isn’t entirely new. ChatGPT, Google Gemini, and Microsoft Copilot all have features for customizing tone and voice. Still, Anthropic's option to infer your preferred style from uploaded content could make it a lot easier to teach the AI how you want it to write.

You might also like

• A new AI feature can control your computer to follow your orders
• You and your friends can now share and remix your favorite conversations with the Claude AI chatbot
• Anthropic wants its AI assistant Claude to be your favorite coworker

• Dash Pro Flash Drive delivers up to 4TB storage with high speeds
• Achieves 1050MBps on USB 3.2; supports USB-C and Thunderbolt
• Includes adapters, and features durable aluminum housing

Despite the rise of cloud storage, a USB flash drive remains a practical and reliable tool for data storage and transfer.

Their portability, ease of use, and ability to operate without an internet connection make them invaluable for creatives and professionals, whether sharing large files, backing up critical data, or accessing information on the go. If there’s a drawback to flash drives, it might be capacity, but the Dash Pro from Oyen Digital solves this by offering sizes up to 4TB.

Measuring just 3.1 x 0.97 x 0.33 inches and weighing 2 ounces, the drive supports USB-A, USB-C, and Thunderbolt 3 & 4 connections and the internal NVMe PCIe 4.0 x4 interface, powered by the Phison E21 controller, offers speed and reliability.

Heat protection

Pre-formatted with exFAT, the drive is ready to use with Windows, macOS, and Linux operating systems.

By using 3D TLC NAND, the USB 3.2 Gen2 Dash Pro achieves speeds of up to 1050MBps when connected via USB-C, USB 3.2, or Thunderbolt 3 & 4 (it is not compatible with Thunderbolt 1 or 2), and up to 525MBps with USB 3.0.

The Dash Pro has a durable aluminum housing that effectively absorbs and dissipates heat, preventing the internal components from overheating. With an operating temperature range of 32°F to 158°F, the drive promises dependable performance even in harsh conditions.

Included with the Dash Pro are a USB-A to USB-C adapter, a USB-A extender, and a lanyard, which should hopefully prevent you from losing the drive. Certified by CE and FCC, Dash Pro is backed by a three-year warranty.

The Dash Pro is available for purchase from B&H in 1TB, 2TB, and 4TB capacities, with the largest drive priced at $439. Whether you need fast transfers, secure data storage, or wide compatibility, the Dash Pro Flash Drive is a versatile and high-performance option.

You might also like

• These are best Black Friday mini PC deals right now
• And these are best USB flash drives on the market
• I challenge anyone to find a better USB flash drive for less than $70

Never miss out on another good night of sleep with the Loop Quiet 2 Ear Plugs.

Commentary: I have some words of warning for Apple before it launches its first folding iPhone.

Amazon's small business portal isn't the easiest to navigate -- but it offers a convenient way to shop small on Black Friday.

If you're thinking about upgrading to a new TV, LG has a wide selection of OLED TV deals now and through Black Friday.

From LEDs to fancy OLED models, these are our favorite televisions at every price.

It's Black Friday week, and you know what that means: pretty much every retailer on the planet is offering "super mega deals" on gadgets and accessories. But savvy shoppers know where to go for even bigger savings – while also reducing their environmental impact.

Whether you're looking for iPhones or headphones, PCs or tablets, smartwatches or Nintendo Switches, Back Market is the place to go for the very best tech deals – not just during Black Friday week, but every week. With savings of up to 50% on new prices in the UK and up to 70% in the US, it's the perfect place to get the very best tech for the very best prices.

(Image credit: Back Market) Serious savings on the most tempting tech

You can save serious amounts of cash by shopping at Back Market. Today*, the Samsung Galaxy S23 is down from £831.51 to just £371, a saving of over £460. For US buyers, it's down from $799 to $353.09.

The incredibly powerful iPhone 15 Pro Max is down from £1,199 to £702.09 in the UK and from $1,199 to $833.87 in the US.

And the iPhone 14 is down to just £355.93 from the usual £599. In the US, it's down from $599 to $335.95.

That's not all. You can get a full-size iPad for just £102.05 / $78.20 and an Apple Watch Ultra for £597.17 / $443.16, down from the normal £982.16 / $799. The M-powered MacBook Air is available for just £510.40 / $477.63 and the M1 Pro starts at £562.32 / $515.

You can pick up a Nintendo Switch for £197 / $232, a pair of Beats Solo 3 for £129 / $98, and Beats Studio3 for less than half price at just £205.97. In the US they're even cheaper: $117.34, down from $469.53.

And those prices don't include trade-ins, which are available on many items and which bring the price you pay down even more. And if you trade-in this Black Friday, Back Market are giving an extra £20 / $30 off all orders over £250 / $250.

Back Market's UK site also does great deals on appliances. Looking for a fancy coffee machine? There are great deals on espresso and Nespresso machines alike, such as Sage's The Barista Touch. That one's down from £1,199.95 to just £684.99. A great Russell Hobbs air fryer is yours for just £35, down from £178.47. Fancy a juicer? £89.99 instead of £229.95.

It isn't too good to be true, and it doesn't come with a catch. It's just a better way to buy.

(Image credit: Back Market) Why Back Market is better

Back Market is the leading global marketplace for refurbished electronics, devices and accessories. It works with over 1,500 carefully vetted sellers to bring you the very best technology at the very best prices, saving you cash while also helping reduce your environmental footprint: when you buy refurbished you're reducing the amount of raw materials, water and energy used to deliver your digital delights.

So what does refurbished mean? It means taking pre-loved devices and restoring them to perfect working condition according to industry standards. You get all the benefits of buying pre-loved without any of the risk, so you can be confident that your device won't arrive locked, with a duff battery, or with a dodgy history. If there are any faults they're fixed professionally, and then the device is fully tested and checked by industry professionals. Not only that but it comes backed with a 1-year warranty and a 30-day return policy.

The big benefit of buying refurbished is that it saves you tons of money compared to the cost of buying new. But it should also help you sleep with a clean conscience: buying a refurbished device means producing up to 92% fewer CO2 emissions than buying new.

(Image credit: Back Market) How to save serious sums on essential electronics

Whether you're looking for headphones or a hair dryer, a console or a coffee machine, a smartphone or a shaver, simply pick your product and decide how much money you'd like to save. To do that it's just a matter of choosing the appropriate category: Fair, Good, Excellent or for phones, Premium.

Every device Back Market sells is 100% functional and fully guaranteed, but you can choose how pristine you want its appearance to be. The very cheapest items, classified as Fair, may have some minor cosmetic imperfections and some signs of use but offer the most massive savings; Good ones look great, Excellent are even better and Premium phones look factory-fresh.

You'll see a lot of so-called crazy deals during the Black Friday frenzy. But if you're serious about saving money and want to get great tech that's better for the environment too, there's only one place you need to know. Click here to find your new favourite device for a price you'll really like: here's the Back Market site for the UK, and here's the Back Market site for the US.

Light up your house with the right bulbs to make it more aesthetic or functional. According to CNET experts, these are the best LED light bulbs.

The highly rated OnePlus Watch 2 is now at a record low price as a part of Black Friday sales

Using satellites as a backup for cell service, and providing coverage in areas where traditional service doesn't cover, just took a big step forward.

We spoke with experts to find the right CBD dosage for you.

Need a smartphone? These Black Friday deals are the best we've seen all year on Android phones, accessories, and even iPhones.

• Researchers from AmberWolf find two flaws in popular VPN products
• Flaws can be abused to get the VPNs to connect to malicious servers
• The servers can use the connection to steal login credentials, drop malware, and more

Hackers have been using compromised VPN servers to steal sensitive information from connected VPN clients, security researchers are warning.

Earlier this year, cybersecurity experts from AmberWolf discovered criminals were tricking people into connecting their SonicWall NetExtender and Palo Alto Networks GlobalProtect VPN clients to VPN servers under their control.

The criminals were using malicious websites, or documents in social engineering and phishing, to get people to connect.

Fixing the problem

Since the vulnerable VPN clients fail to properly authenticate or verify the legitimacy of the VPN server, attackers get to impersonate trusted servers, and are allowed several malicious actions, including stealing the victims’ login credentials, running arbitrary code with elevated privileges, installing malware through software updates, and more.

AmberWolf named the vulnerabilities “NachoVPN”, and reported them to the respective organizations.

On SonicWall’s side, the bug was tracked as CVE-2024-29014, and was fixed in July 2024, while on Palo Alto Networks’ side, it was tracked as CVE-2024-5921, and was addressed in November 2024.

The first clean version of NetExtender Windows is 10.2.341. For Palo Alto, users should either install GlobalProtect 6.2.6, or run their VPN client in FIPS-CC mode.

Besides reporting the bugs to SonicWall and Palo Alto Networks, AmberWolf also shared an open-source tool, also called NachoVPN, which simulates the attack, BleepingComputer has found.

"The tool is platform-agnostic, capable of identifying different VPN clients and adapting its response based on the specific client connecting to it. It is also extensible, encouraging community contributions and the addition of new vulnerabilities as they are discovered," AmberWolf said.

"It currently supports various popular corporate VPN products, such as Cisco AnyConnect, SonicWall NetExtender, Palo Alto GlobalProtect, and Ivanti Connect Secure," the company concluded in its announcement.

Via BleepingComputer

You might also like

• Zyxel VPN security flaw targeted by new ransomware attackers
• Here's a list of the best firewalls today
• These are the best endpoint protection tools right now